Murakami

Reputation: 3760

How to add access to EKS aws-auth config map for users managed by IAM Identity Center

I'm trying to authenticate users managed in AWS IAM Identity Center to AWS EKS (which is in a different AWS account than IAM Identity Center). Correct me if I'm wrong, but IAM Identity Center maps permissions (set as permission sets in account A) to roles in account B. So basically users assume a role in the target account. I thought that because of that I could just add the role to the aws-auth config map, but that doesn't work, i.e. as a user with the assumed role I cannot see resources in the AWS EKS console. The part I've added:

- groups:
  - system:masters
  rolearn: arn:aws:iam::xxxxxx:role/aws-reserved/sso.amazonaws.com/xxxxxx/AWSReservedSSO_AdministratorAccess_yyyyy # this is the role which seems to be assumed by the user configured in Identity Center
  username: AWSReservedSSO_AdministratorAccess_yyyyy

What am I missing?

Upvotes: 2

Views: 1139

Answers (1)

Murakami

Reputation: 3760

Just in case anyone is looking for the solution, I'm answering my own question: rolearn should have the format: arn:aws:iam::xxxx:role/AWSReservedSSO_AdministratorAccess_yyyyy

Upvotes: 5
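
The fix in the answer above (dropping the `aws-reserved/sso.amazonaws.com/.../` path from the role ARN) can be checked mechanically. The following is an added example, not part of the original post: it goes slightly beyond the answer by also accepting the `assumed-role` ARN that `aws sts get-caller-identity` prints, and it lints a `mapRoles` block for `rolearn` values that still carry a path. The function names, account ID, region and role suffix are assumptions made up for illustration.

```python
import re

PARTITIONS = r"(aws|aws-cn|aws-us-gov)"
NAME = r"([\w+=,.@-]+)"
# IAM role ARN, with or without a path between "role/" and the role name.
IAM_ROLE = re.compile(rf"^arn:{PARTITIONS}:iam::(\d{{12}}):role/(?:.+/)?{NAME}$")
# What `aws sts get-caller-identity` reports for an assumed-role session.
STS_ROLE = re.compile(rf"^arn:{PARTITIONS}:sts::(\d{{12}}):assumed-role/{NAME}/[^/]+$")
ROLEARN_LINE = re.compile(r"^\s*(?:-\s*)?rolearn:\s*(\S+)")


def aws_auth_role_arn(arn: str) -> str:
    """Return the path-less IAM role ARN that aws-auth mapRoles expects."""
    for pattern in (IAM_ROLE, STS_ROLE):
        match = pattern.match(arn.strip())
        if match:
            partition, account, role_name = match.groups()
            return f"arn:{partition}:iam::{account}:role/{role_name}"
    raise ValueError(f"not an IAM role or assumed-role ARN: {arn!r}")


def lint_map_roles(map_roles_text: str) -> list:
    """List (line_no, found, expected) for rolearn values that carry a path."""
    findings = []
    for line_no, line in enumerate(map_roles_text.splitlines(), start=1):
        match = ROLEARN_LINE.match(line)
        if not match:
            continue
        found = match.group(1).strip("\"'")
        expected = aws_auth_role_arn(found)
        if found != expected:
            findings.append((line_no, found, expected))
    return findings


# Constructed sample (account ID, region and role suffix are made up).
SAMPLE_MAP_ROLES = """\
- groups:
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_AdministratorAccess_0123456789abcdef
  username: AWSReservedSSO_AdministratorAccess_0123456789abcdef
- groups:
  - system:nodes
  rolearn: arn:aws:iam::111122223333:role/eks-node-role
  username: system:node:{{EC2PrivateDNSName}}
"""

if __name__ == "__main__":
    for line_no, found, expected in lint_map_roles(SAMPLE_MAP_ROLES):
        print(f"line {line_no}: {found}\n  -> use {expected}")
```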
